People, not algorithms, are the best way to fight hacking. Here’s Why.
So Apple launches an online music store. It looks very nice when put side by side with the competition. For starters, there doesn’t seem to be any monthly fee and all tracks are the same price. This seems like a good idea until you start reading the fine print… according to Apple, the tracks you download are high-quality AAC music files. AAC files? What are those? A quick search on the Apple site reveals that AAC stands for Advanced Audio Coding and that’s a format that works on, well, it works on the Mac and on the iPod. If you want to carry that anywhere else, you can’t. OK, well, I’m a programmer and that’s a new sound format, maybe I can write a decoder. So where’s the format? Oh, here it is. What, I have to pay to read the standard? What if I wanted to develop a free decoder? Oh, right, I would have to pay for that too! Oh well, back to my regular MP3 collection then. At least I can use it either on my PC, Mac, and existing MP3 player. I don’t have to be locked into a particular OS, use a particular player or…
A new worm called Hybris has been spreading across computers in Europe, the United States and South America. While it currently carries a non-destructive payload, some anti-virus developers are worried that its plug-in architecture could turn it into a much more dangerous virus, opening backdoors in computer systems and escalating the war between virus makers and anti-virus developers. First discovered in South America by Kaspersky Labs, a Russian anti-virus developer, the worm has spread through email to Europe and the United States at an increasing pace. “Hybris is one of the more common viruses we’re seeing right now,” said Brian Kinj, a member of the technical staff at the CERT Coordination Center. Because it carries a non-destructive payload, the anti-virus community has been split over the threat level the virus represents. In the United States, the Joint Task Force Computer Network Defense, a division of the US Department of Defense, has upgraded the virus to a high-risk status. Meanwhile, European virus tracker Peter Kruse, of virus112.com, has announced on Usenet that his company was upgrading the virus threat to a medium-risk status, due to the recent spread of the virus in Europe. Companies like Symantec and Sophos, however,…
The leading contender for the communications protocol that facilitates the world’s business transactions is designed to transmit data over HTTP, in the clear. Although some of the creators of Simple Object Access Protocol (SOAP) have expressed concern, the consortium responsible for redrafting SOAP into the new Extensible Markup Language (XML) Protocol is nearing agreement that security is, simply put, not their problem. In the meantime, and possibly as a result, Microsoft and Verisign have just announced a new security procedure for person-to-person SOAP transactions, but a workable mechanism for securing Internet transactions between software and software may be years away. Some of SOAP’s architects contend that building security into their protocol would only sacrifice its simplicity, and that the HTTP sessions that SOAP transactions rely on can already be secured at the session level, with protocols such as SSL. Moreover, securing sessions from outside interception, security experts believe, cannot protect transactions from two other perceived threats: interception from the inside and bad programming. With a protocol extension to SOAP for message attachments in the works, a third possible threat emerges — one that too many have become familiar with: malicious scripts. Chris Dix, a SOAP programmer with FMStrategies, sides…
I use my browser all the time. It’s one of the programs on my system that just stays open most of the time. I used to love Netscape but was seduced by Microsoft’s Internet Explorer 4.0 and never went back to Netscape on a regular basis since. However, something told me that a browser that was two years in development could outdo the Internet Explorer 5.0 browser I have on my machine. So I downloaded Netscape 6.0, the first browser to be released by Netscape since it was acquired by AOL. The first thing that strikes me in this browser is that it seems very me-too’ish. A lot of the features that made IE a better browser are now there: small install program, not having to install the mail client (I use Eudora anyway), faster page presentation. All those were among the features that lured me into Microsoft’s camp when they released their browser. Sure, having them try to register me to Netcenter was annoying (I managed to bypass that) and it’s true that the browser color scheme (horrible blue) was terrible but I figured that these were only temporary pains. I loaded the 10-20 sites I hit most of…